Quick "Sneezes" about Computers, Networking, and Technology.

How to Parse DMARC Reports

UPDATE: As of March 9, 2016, I would recommend you instead use the more modern DMARC Report Parser.

The current buzz in the e-mail industry is around Domain-based Message Authentication, Reporting & Conformance, commonly referred to as DMARC. DMARC pulls together SPF and DKIM into a method to try to stop spam and keep people from abusing your brand/domain. One of the added benefits of DMARC is that receivers are able to report back to the domain owner the disposition of messages being sent into their environment. Gmail is currently one of the few receivers providing these reports, but hopefully adoption will grow soon.

The reports sent to the domain owner are in an XML format, which makes them difficult for a human to read. Thankfully, John Levine has provided some parsing scripts to push the information into a database for easy querying. The scripts expect a certain level of knowledge and experience, so my goal is to help people unfamiliar with the steps/process.

It is expected that you already have a MySQL database server running on your host and that you know the root password. The following commands will create the database in MySQL and then import the schema needed. Enter the MySQL root password when prompted.
$ mysqladmin -u root -p create dmarc
Enter password:
$ mysql -u root -p dmarc < mkdmarc
Enter password:

Now you will need to edit the “rddmarc” script to use the password you set in the “mkdmarc” script earlier.
$ vi rddmarc
(change password "xxx")

By default, the “rddmarc” script appears to expect to read raw mail files from your mail folder. So you may need to figure out where these files are located on your system, and then do something similar to:
$ ./rddmarc Mail/*
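
To see what one of these XML reports contains without loading it into the database, the following added example (Python, not part of John Levine's scripts or the original post) parses a single aggregate report and totals messages per source IP that passed neither DKIM nor SPF. The element names follow the aggregate report schema in RFC 7489 Appendix C; the sample report, its addresses and the function names are constructed for illustration, and the input is assumed to be an already-extracted, un-namespaced UTF-8 XML file.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (element names per RFC 7489 Appendix C); all values are made up.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>12</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def parse_report(data: bytes) -> dict:
    """Return the reporting org, the policy domain and one dict per <record>."""
    text = data.decode("utf-8")  # reports come from third parties: accept UTF-8 only
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD/entity declarations do not belong in a DMARC report")
    root = ET.fromstring(data)
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count", "0")),
            "disposition": rec.findtext("row/policy_evaluated/disposition"),
            "dkim": rec.findtext("row/policy_evaluated/dkim"),
            "spf": rec.findtext("row/policy_evaluated/spf"),
        })
    return {"org": root.findtext("report_metadata/org_name"),
            "domain": root.findtext("policy_published/domain"),
            "rows": rows}

def failing_sources(report: dict) -> Counter:
    """Message counts per source IP where neither DKIM nor SPF passed."""
    out = Counter()
    for r in report["rows"]:
        if r["dkim"] != "pass" and r["spf"] != "pass":
            out[r["source_ip"]] += r["count"]
    return out

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["org"], rep["domain"], dict(failing_sources(rep)))
```

Sources that appear in the failing list are either legitimate senders missing from your SPF/DKIM setup or mail using your domain without authorization, which is the distinction to settle before tightening the published policy.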